1rlogin(1) User Commands rlogin(1)
2
3
4
6 rlogin - remote login
7
9 rlogin [-8EL] [-ec ] [-A] [-K] [-x] [-PN | -PO] [-f | -F] [-a]
10 [-l username] [-k realm] hostname
11
12
14 The rlogin utility establishes a remote login session from your termi‐
15 nal to the remote machine named hostname. The user can choose to ker‐
16 berize the rlogin session using Kerberos V5 and also protect the data
17 being transferred.
18
19
20 Hostnames are listed in the hosts database, which can be contained in
21 the /etc/hosts file, the Network Information Service (NIS) hosts map,
22 the Internet domain name server, or a combination of these. Each host
23 has one official name (the first name in the database entry), and
24 optionally one or more nicknames. Either official hostnames or nick‐
25 names can be specified in hostname.
26
27
28 The user can opt for a secure rlogin session which uses Kerberos V5 for
29 authentication. Encryption of the session data is also possible. The
30 rlogin session can be kerberized using any of the following Kerberos
31 specific options: -A, -PN or -PO, -x, -f or -F, and -k realm. Some of
32 these options (-A, -x, -PN or -PO, and -f or -F) can also be specified
33 in the [appdefaults] section of krb5.conf(4). The usage of these
34 options and the expected behavior is discussed in the OPTIONS section
35 below. If Kerberos authentication is used, authorization to the account
36 is controlled through rules in krb5_auth_rules(5). If this authoriza‐
37 tion fails, fallback to normal rlogin using rhosts occurs only if the
38 -PO option is used explicitly on the command line or is specified in
39 krb5.conf(4). Also notice that the -PN or -PO, -x, -f or -F, and -k
40 realm options are just supersets of the -A option.
41
42
43 The remote terminal type is the same as your local terminal type, as
44 given in your environment TERM variable. The terminal or window size is
45 also copied to the remote system if the server supports the option.
46 Changes in size are reflected as well. All echoing takes place at the
47 remote site, so that (except for delays) the remote login is transpar‐
48 ent. Flow control using Control-S and Control-Q and flushing of input
49 and output on interrupts are handled properly.
50
52 The following options are supported:
53
54 -8 Passes eight-bit data across the net instead of seven-
55 bit data.
56
57
58 -a Forces the remote machine to ask for a password by send‐
59 ing a null local username.
60
61
62 -A Explicitly enables Kerberos authentication and trusts
63 the .k5login file for access-control. If the authoriza‐
64 tion check by in.rlogind(1M) on the server-side succeeds
65 and if the .k5login file permits access, the user is
66 allowed to login without supplying a password.
67
68
69 -ec Specifies a different escape character, c, for the line
70 used to disconnect from the remote host.
71
72
73 -E Stops any character from being recognized as an escape
74 character.
75
76
77 -f Forwards a copy of the local credentials (Kerberos
78 Ticket Granting Ticket) to the remote system. This is a
79 non-forwardable ticket granting ticket. You must forward
80 a ticket granting ticket if you need to authenticate
81 yourself to other Kerberized network services on the
82 remote host. An example is if your home directory on the
83 remote host is NFS mounted via Kerberos V5. If your
84 local credentials are not forwarded in this case, you
85 can not access your home directory. This option is mutu‐
86 ally exclusive with the -F option.
87
88
89 -F Forwards a forwardable copy of the local credentials
90 (Kerberos Ticket Granting Ticket) to the remote system.
91 The -F option provides a superset of the functionality
92 offered by the -f option. For example, with the -f
93 option, after you connected to the remote host, any
94 attempt to invoke /usr/bin/ftp, /usr/bin/telnet,
95 /usr/bin/rlogin, or /usr/bin/rsh with the -f or -F
96 options would fail. Thus, you would be unable to push
97 your single network sign on trust beyond one system.
98 This option is mutually exclusive with the -f option.
99
100
101 -k realm Causes rlogin to obtain tickets for the remote host in
102 realm instead of the remote host's realm as determined
103 by krb5.conf(4).
104
105
106 -K This option explicitly disables Kerberos authentication.
107 It can be used to override the autologin variable in
108 krb5.conf(4).
109
110
111 -l username Specifies a different username for the remote login. If
112 you do not use this option, the remote username used is
113 the same as your local username.
114
115
116 -L Allows the rlogin session to be run in "litout" mode.
117
118
119 -PN Explicitly requests the new (-PN) or old (-PO) version
120 -PO of the Kerberos `rcmd' protocol. The new protocol avoids
121 many security problems prevalant in the old one and is
122 considered much more secure, but is not interoperable
123 with older (MIT/SEAM) servers. The new protocol is used
124 by default, unless explicitly specified using these
125 options or by using krb5.conf(4). If Kerberos authoriza‐
126 tion fails when using the old `rcmd' protocol, there is
127 fallback to regular, non-kerberized rlogin. This is not
128 the case when the new, more secure `rcmd' protocol is
129 used.
130
131
132 -x Turns on DES encryption for all data passed through the
133 rlogin session. This reduces response time and increases
134 CPU utilization.
135
136
137 Escape Sequences
138 Lines that you type which start with the tilde character (~) are
139 "escape sequences." The escape character can be changed using the -e
140 option.
141
142 ~. Disconnects from the remote host. This is not the same as a
143 logout, because the local host breaks the connection with no
144 warning to the remote end.
145
146
147 ~susp Suspends the login session, but only if you are using a shell
148 with Job Control. susp is your "suspend" character, usually
149 Control-Z. See tty(1).
150
151
152 ~dsusp Suspends the input half of the login, but output is still
153 able to be seen (only if you are using a shell with Job Con‐
154 trol). dsusp is your "deferred suspend" character, usually
155 Control-Y. See tty(1).
156
157
159 hostname The remote machine on which rlogin establishes the remote
160 login session.
161
162
164 For the kerberized rlogin session, each user can have a private autho‐
165 rization list in a file, .k5login, in his home directory. Each line in
166 this file should contain a Kerberos principal name of the form princi‐
167 pal/instance@realm. If there is a ~/.k5login file, access is granted to
168 the account if and only if the originating user is authenticated to one
169 of the principals named in the ~/.k5login file. Otherwise, the origi‐
170 nating user is granted access to the account if and only if the authen‐
171 ticated principal name of the user can be mapped to the local account
172 name using the authenticated-principal-name → local-user-name mapping
173 rules. The .k5login file (for access control) comes into play only when
174 Kerberos authentication is being done.
175
176
177 For the non-secure rlogin session, each remote machine can have a file
178 named /etc/hosts.equiv containing a list of trusted host names with
179 which it shares user names. Users with the same user name on both the
180 local and remote machine can rlogin from the machines listed in the
181 remote machine's /etc/hosts.equiv file without supplying a password.
182 Individual users camayn set up a similar private equivalence list with
183 the file .rhosts in their home directories. Each line in this file con‐
184 tains two names, that is, a host name and a user name, separated by a
185 space. An entry in a remote user's .rhosts file permits the user named
186 username who is logged into hostname to log in to the remote machine as
187 the remote user without supplying a password. If the name of the local
188 host is not found in the /etc/hosts.equiv file on the remote machine,
189 and the local user name and host name are not found in the remote
190 user's .rhosts file, then the remote machine prompts for a password.
191 Host names listed in the /etc/hosts.equiv and .rhosts files must be the
192 official host names listed in the hosts database. Nicknames can not be
193 used in either of these files.
194
195
196 For security reasons, the .rhosts file must be owned by either the
197 remote user or by root.
198
200 /etc/passwd Contains information about users' accounts.
201
202
203 /usr/hosts/* For hostname version of the command.
204
205
206 /etc/hosts.equiv List of trusted hostnames with shared user
207 names.
208
209
210 /etc/nologin Message displayed to users attempting to login
211 during machine shutdown.
212
213
214 $HOME/.rhosts Private list of trusted hostname/username combi‐
215 nations.
216
217
218 $HOME/.k5login File containing Kerberos principals that are
219 allowed access.
220
221
222 /etc/krb5/krb5.conf Kerberos configuration file.
223
224
225 /etc/hosts Hosts database.
226
227
229 See attributes(5) for descriptions of the following attributes:
230
231
232
233
234 ┌─────────────────────────────┬─────────────────────────────┐
235 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
236 ├─────────────────────────────┼─────────────────────────────┤
237 │Availability │SUNWrcmdc │
238 └─────────────────────────────┴─────────────────────────────┘
239
241 rsh(1), stty(1), tty(1), in.rlogind(1M), hosts(4),hosts.equiv(4),
242 krb5.conf(4), nologin(4), attributes(5), krb5_auth_rules(5)
243
245 The following message indicates that the machine is in the process of
246 being shutdown and logins have been disabled:
247
248 NO LOGINS: System going down in N minutes
249
250
251
253 When a system is listed in hosts.equiv, its security must be as good as
254 local security. One insecure system listed in hosts.equiv can compro‐
255 mise the security of the entire system.
256
257
258 The Network Information Service (NIS) was formerly known as Sun Yellow
259 Pages (YP.) The functionality of the two remains the same. Only the
260 name has changed.
261
262
263 This implementation can only use the TCP network service.
264
265
266
267SunOS 5.11 23 Dec 2008 rlogin(1)